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CLAIMS 

We Claim: 



1 1. A method of administering access and security on a network having a 

2 plurality of computers, comprising: 

3 installing a one-way encrypted password file on each computer of the plurality 
O 4 of computers in the network, wherein the one-way encrypted password file includes a 

5 plurality of user identifications, associated one-way encrypted passwords and 

6 associated privileges for each authorized user allowed access to the plurality of 
si 7 computers and the network; 

p 8 one-way encrypting a password entered by a user when the user logs into a 

Q 9 computer of the plurality of computers on the network; 

DlO checking for a match between the user identification and one-way encrypted 

1 1 password entered by the user and the plurality of user identifications and one-way 

12 encrypted passwords stored in the one-way encrypted password file; 

13 enabling access to data and software contained on the computer and the 

14 network permitted by the associated privileges for the user when a match is found on 

15 the one-way encrypted password file; and 

16 filtering and displaying messages to the user permitted by the associated 

17 privileges when a match is found on the one-way encrypted password file. 
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1 2. The method recited in claim 1, wherein the associated privileges 

2 contained in the one-way encrypted password file indicate the security level and 

3 access privileges of the user identification for access to software, data and messages 

4 contained in the computer, the network, and transmitted over the network. 



1 3. The method recited in claim 1, wherein when one or more attempts of the 

2 user entering a user identification and one-way encrypted password have failed to 

3 match the plurality of user identifications and one-way encrypted passwords contained 

4 in the one-way encrypted password file, the method further comprising: 

5 transmitting to a systems administrator or security officer by the computer a 

6 notification of the failure to provide a one way encrypted user identification and 

7 password that matches a user identification and one-way encrypted password stored 

8 on the one-way encrypted password file. 

1 4. The method recited in claim 3, further comprising: 

2 locking, upon request by the systems administrator or security officer, the 

3 computer being accessed by the user having at least one failed attempt at entering a 

4 user identification and one-way encrypted password so as to permit only access to a 

5 login screen by the user. 
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1 5. The method recited in claim 3, further comprising: 

2 spoofing, upon request by the systems administrator or security officer, the user 

3 into believing that the access has been gained to the computer, wherein spoofing 

4 includes the presentation of false messages and information to the user. 

1 6- The method recited in claim 3, further comprising: 

2 disabling, upon request by the systems administrator or security officer, the 

3 computer system so that the user cannot access the computer system. 

1 7. The method recited in claim 6, further comprising: 

2 deleting, upon request by the systems administrator or security officer, a 

3 plurality of files stored in the computer system. 

1 8. The method recited in claim 1 , further comprising: 

2 displaying to a screen on the computer system a request for re-authentication 

3 at the direction of a system administrator or security officer. 

1 9. The method recited in claim 8, wherein the request for re-authentication 

2 comprises: 

3 displaying a login screen having a position for entry of the user identification and 

4 password. 
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1 10. The method recited in claim 9, wherein the user identification is a role or 

2 title indicative of a level of authority of the user. 

1 11. The method recited in claim 9, further comprising: 

2 accessing a master password file on a computer system accessible by the 

3 systems administrator or security officer; 

4 one-way encrypting the password; and 

5 searching the master password file for a match of the user identification and 

6 one-way encrypted password. 

1 12. The method recited in claim 11, further comprising: 

2 disabling the computer system, or spoofing the user, or locking the computer 

3 system when a match is not found for the user identification and one-way encrypted 

4 password in the master password file. 

1 13. The method recited in claim 1 1 , wherein after the user has entered the 

2 user identification and one-way encrypted password and the user identification and 

3 one-way password has matched that found in the one-way encrypted password file, 

4 further comprising: 

5 entering a new password by the user; 

6 re-authenticating the user identification and one-way password stored on the 

7 master password file; 
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8 one-way encrypting the new password; and 

9 replacing the user identification and password with the one-way encrypted user 
10 identification and the new one-way encrypted password in the master password file. 

1 14- The method recited in claim 13, further comprising: 

2 attaching the master password file to a message; 

3 encrypting the message using a private key and passphrase available only to 

4 the systems administrator or security officer; and 

5 transmitting the message to the plurality of computers. 

1 15. The method recited in claim 14, further comprising: 

2 decrypting the message using a public key corresponding to the private key; 

3 reporting to the system administrator or security officer a failure to decrypt the 

4 message; and 

5 replacing the one-way encrypted password file with the decrypted master 

6 password file. * 

1 16. The method recited in claim 1, further comprising: 

2 detecting an anomalous event in a computer of the plurality of computers; and 

3 reporting the anomalous event to a system administrator or security officer. 
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1 1 7. The method recited in claim 1 6, wherein the anomalous event comprises: 

2 the user has exceeded the number of allowable unsuccessful login attempts; 

3 a change in the users associated privileges has occurred; 

4 a system disable operation was initiated by the user; 

5 a user's password has expired; 

6 a message was rejected due to an invalid digital signature; 

7 a request for remote user re-authentication has been received by the systems 
^ 8 administrator or security officer; 

J 9 a request for a remote user lockout has been received by the system 

CO 

yglO administrator or security officer; and 

£11 a request for remote loading passwords has completed successfully on the 

s _ 1 2 system administrator or security officer. 

E_ i 

g 1 18. The method recited in claim 16, further comprising: 

2 deleting a plurality of files on the computer and disabling the computer in 

3 response to an anomalous event when requested by the system administrator or 

4 security officer or when an immediate shutdown in requested by the user. 

1 19. The method recited in claim 17, further comprising: 

2 disabling the computer system, or spoofing the user, or locking the computer 

3 system when an anomalous event occurs. 
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1 20. A system to administer access and security on a network having a 

2 plurality of computers, comprising: 

3 a one-way encrypted password file on each computer of the plurality of 

4 computers in the network, wherein the one-way encrypted password file includes a 

5 plurality of user identifications, associated one-way encrypted passwords and 

6 associated privileges for each authorized user allowed access to the plurality of 

7 computers and the network; 

8 a user login module to receive a user identification or role and password from 

9 a user and login the user when a match is found in the one-way encrypted password 

10 file; and 

1 1 a channel monitoring and filtering module to monitor and receive broadcast or 

1 2 multicast messages within the network and display the message to the user when the 

13 user's associated privileges permit the viewing of the message. 

1 21. The system recited in claim 20, further comprising: 

2 a password management module to update and insure that all the computers 

3 in the network contain the same one-way encrypted password file. 

1 22. The system recited in claim 20, further comprising: 

2 a remote auditing module to monitor and process anomalous events which may 

3 occur on the computer. 
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1 (1 23. The system recited in claim 22, wherein the anomalous events comprise: 

2 the user has exceeded the number of allowable unsuccessful login attempts; 

3 a change in the users associated privileges has occurred; 

4 a system disable operation was initiated by the user; 

5 a user's password has expired; 

6 a message was rejected due to an invalid digital signature; 

7 a request for remote user re-authentication has been received by the systems 

8 administrator or security officer; 

9 a request for a remote user lockout has been received by the system 

1 0 administrator or security officer; and 

1 1 a request for remote loading passwords has completed successfully on the 

12 system administrator or security officer. 



1 24. The system recited in claim 20, further comprises: 

2 a remote control module to enable a systems administrator or security officer 

3 to take appropriate action when an event transpires, wherein the event is an 

4 anomalous event. 
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1 25. The system recited in claim 24, wherein the appropriate action 

2 comprises: 

3 disabling, upon request by the systems administrator or security officer, the 

4 computer system so that the user cannot access the computer system; and 

5 deleting, upon request by a systems administrator or security officer, a plurality 

6 of files stored in the computer. 

26. The system recited in claim 24, wherein the appropriate action 
comprises: 

spoofing, upon request by a systems administrator or security officer, the user 
into believing that the access has been gained to the computer, wherein spoofing 
includes the presentation of false messages and information to the user. 

27. The system recited in claim 24, wherein the appropriate action 
comprises: 

locking the computer, upon request of a systems administrator or security 
officer, and displaying a login screen for the user to re-authenticate the user 
identification and password. 

1 28. The system recited in claim 20, further comprising: 

2 an authentication module to re-authenticate the user after the user login module 

3 has found a match in the one-way encrypted password contained in the computer by 
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4 checking the user identification and password against a master password file stored 

5 in a computer accessible by a systems administrator or security officer. 

1 29. The system recited in claim 21, wherein the password management 

2 module attaches a master password file containing a complete user identifications, 

3 associated one-way encrypted passwords and associated privileges to a message, 

4 encrypts the message using a private key and passphrase for the system administrator 

5 or security officer and broadcasts the message to all users. 

1 30. The system recited in claim 29, wherein the password management 

2 module decrypts the message using a public key associated with the private key, 

3 replaces the one-way encrypted password file when decryption of the message is 

4 successful and reports a failure to the system administrator or security officer when the 

5 decryption is not successful. 

1 31. A computer program executable by a computer and embedded in a 

2 computer readable medium to administer access and security on a network having a 

3 plurality of computers, comprising: 

4 a one-way encrypted password file on each computer of the plurality of 

5 computers in the network, wherein the one-way encrypted password file includes a 

6 plurality of user identifications, associated one-way encrypted passwords and 
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7 associated privileges for each authorized user allowed access to the plurality of 

8 computers and the network; 

9 a user login code segment to receive a user identification or role and password 

10 from a user and login the user when a match is found in the one-way encrypted 

1 1 password file; and 

12 a channel monitoring and filtering code segment to monitor and receive 

13 broadcast or multicast messages within the network and display the message to the 

14 user when the user's associated privileges permit the viewing of the message. 

1 32. The computer program recited in claim 31 , further comprising: 

2 a password management code segment to update and insure that all the 

3 computers in the network contain the same one-way encrypted password file. 

1 33. The computer program recited in claim 31 , further comprising: 

2 a remote auditing code segment to monitor and process anomalous events 

3 which may occur on the computer. 

1 34. The computer program recited in claim 33, wherein the anomalous 

2 events comprise: 

3 the user has exceeded the number of allowable unsuccessful login attempts; 

4 a change in the users associated privileges has occurred; 

5 a system disable operation was initiated by the user; 
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6 a user's password has expired; 

7 a message was rejected due to an invalid digital signature; 

8 a request for remote user re-authentication has been received by the systems 

9 administrator or security officer; 

10 a request for a remote user lockout has been received by the system 

1 1 administrator or security officer; and 

12 a request for remote loading passwords has completed successfully on the 

1 3 system administrator or security officer. 

1 35. The computer program recited in claim 31, a remote control code 

2 segment to enable a systems administrator or security officer to take appropriate 

3 action when an event transpires, wherein the event is an anomalous event. 

1 36. The computer program recited in claim 35, wherein the appropriate 

2 action comprises: 

3 disabling, upon request by the systems administrator or security officer, the 

4 computer system so that the user cannot access the computer system; and 

5 deleting, upon request by a systems administrator or security officer, a plurality 

6 of files stored in the computer. 
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37. The computer program recited in claim 35, wherein the appropriate 
action comprises: 
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1 spoofing, upon request by a systems administrator or security officer, the user 

2 into believing that the access has been gained to the computer, wherein spoofing 

3 includes the presentation of false messages and information to the user. 

38. The computer program recited in claim 35, wherein the appropriate 
action comprises: 

locking the computer, upon request of a systems administrator or security 
officer, and displaying a login screen for the user to re-authenticate the user 
identification and password. 

39. The computer program recited in claim 31, further comprising: 
an authentication code segment to re-authenticate the user after the user login 

code segment has found a match in the one-way encrypted password contain in the 
computer by checking the user identification and password against a master password 
file stored in a computer accessible by a systems administrator or security officer. 

1 40. The computer program recited in claim 32, wherein the password 

2 management code segment attaches a master password file containing a complete 

3 user identifications, associated one-way encrypted passwords and associated 

4 privileges to a message, encrypts the message using a private key and passphrase 

5 for the system administrator or security officer and broadcasts the message to all 

6 users. 
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1 41. The computer program recited in claim 40, wherein the password 

2 management code segment decrypts the message using a public key associated with 

3 the private key, replaces the one-way encrypted password file when decryption of the 

4 message is successful and reports a failure to the system administrator or security 

5 officer when the decryption is not successful. 
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